Role in IT decision-making process:Align Business & IT GoalsCreate IT StrategyDetermine IT NeedsManage Vendor RelationshipsEvaluate/Specify Brands or VendorsOther RoleAuthorize PurchasesNot Involved

Work Phone:

Company:

Company Size:

Industry:

Street Address

City:

Zip/postal code

State/Province:

Country:

Occasionally, we send subscribers special offers from select partners. Would you like to receive these special partner offers via e-mail?YesNo

Your registration with Eweek will include the following free email newsletter(s):News & Views

By submitting your wireless number, you agree that eWEEK, its related properties, and vendor partners providing content you view may contact you using contact center technology. Your consent is not required to view content or use site features.

By clicking on the "Register" button below, I agree that I have carefully read the Terms of Service and the Privacy Policy and I agree to be legally bound by all such terms.

Phony AV Now Stalking Google Image Search

Proving once again that rogue AV threats are as ubiquitous as any brand of malware campaign out there these days, the phony security programs have now made the leap to Google Image search results. Rogue AV attackers are sprinkling their wares throughout search results for popular terms including the names of

WEBINAR:On-Demand

Proving once again that rogue AV threats are as ubiquitous as any brand of malware campaign out there these days, the phony security programs have now made the leap to Google Image search results.

Rogue AV attackers are sprinkling their wares throughout search results for popular terms including the names of actresses on popular TV shows, experts with Webroot report. The attacks target end users by returning images to Google searches that subsequently point people's browsers toward URLs delivering the fake AV threats.

Someone innocently seeking pictures of an actress who recently joined the cast of the TV show "24" this week may find themselves drawn into a "JavaScript-enabled FakeAlert browser trap" Webroot blogger Andrew Brandt said in a recent post.

Users who get further sucked in by the phony AV attacks may eventually end up with a nasty infection that almost completely disables many basic desktop controls including the ability to right-click with their mouse.

The rogue's behavior on an infected system is "obnoxious in the extreme," Brandt contends.

In addition to changing desktop wallpaper, and negating mouse right click and scroll wheel capability, the infection blocks most Web-based apps and even blocks the Windows Task Manager. To help regain control of their machine the attack then offers users disinfection packages with names like "Total Security" and "Security Tool" for $50-to-$90, which are themselves just further empty threats, the researcher said.

"Each malicious URL we found funnels the browser into the same FakeAlert, which itself leads to the same rogue antivirus product," Brandt reports. "Each time we revisited the site, we ended up with what was essentially the same equally nasty rogue antivirus application, sometimes in a different skin, sometimes with a different name."

Rogue AV attacks are seemingly everywhere stalking users based on fear in the very attacks they seek to perpetuate. When considering that and taking a proverbial snapshot of the overall cyber-crime epidemic, a picture would seem to be worth a thousand words.

Follow eWeek Security Watch on Twitter at: eWeekSecWatch.

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software. The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog@gmail.com.

By submitting your information, you agree that eweek.com may send you eWEEK offers via email, phone and text message, as well as email offers about other products and services that eWEEK believes may be of interest to you. eWEEK will process your information in accordance with the Quinstreet Privacy Policy.

We ran into a problem

We already have your email address on file. Please use the "Forgot your password?" link to create a password, validate your email and login.